28 June 1984


MEMORANDUM For: CSD / OC 


SUBJECT: Revisions/Expansions of the System Definition Document
for PRIM Release 2 


The following section in the SDD was expanded for Release 2: 
3.2 Component Data Files 
The following were revised or deleted from the overall document: 


Reflect new ODP organization on front page 

3.1.3 3rd para reflect new ODP organization 
5th para 0800-1800 to 0700-2000 
7th para reword paragraph 
8th para add 'number of concurrent' to first 
sentence 

3.1.7 2nd para remove reference to second release 
3rd para remove references to MAINID and SFN 
data lists 
4th para change reference to reflect all 63 COMVAD
dictionaries in Release 1
5th para remove reference that CEMLOC will be made
part of HRS2 'in 1983'
6th para change reference of CAPER to IAPS 

3.3.6 change reference to a query statement executing 
in 3 minutes to 1 2/3 minutes. 

3.3.7 1st para, 2nd sentence add 'be used to' 
2nd para, 2nd sentence add reference to 
PRCHGLOAD, PRIM PERSIGN and PRIMSEP 
Add 3rd sentence 

3.4.3 3rd para, 2nd sentence add ‘concurrent’ 

3.4.6 change reference of 3 minutes to 1 2/3 minutes 
(100 seconds) 

ATTACHMENTS - Figure 4 revised 
Chapter 1


INTRODUCTION 


1.1 PURPOSE 


The purpose of the System Definition Document (SDD) is to graphically 
illustrate the PRIM System and its data flow. This SDD defines the 
system by identifying its major functional components (entities) and 
allocating the system requirements, from the Detailed System Require- 
ments Document, to each identified entity. The SDD provides the 
framework for the PRIM design which will be presented in the Prelimi- 
nary System Design Specifications (PSDS). 


1.2 SCOPE 


Although the PRIM System will be designed in a phased approach, this 
SDD will define graphically the total system hierarchy, its functional 
components, interrelationships, and external system interfaces. This 
SDD consists of three Chapters: 


Chapter 1 - ‘Introduction’ presents the purpose and scope of the 
PRIM System Definition Document and all references applicable to the 
contents of the System Definition Document. 


Chapter 2 - ‘System Definition’ presents a general description of 
the system, the system objectives, system interfaces and system data 
flow. 


Chapter 3 - ‘Functional Component Definitions’ presents the defi- 
nition of the system in terms of its functional components. This 
chapter also defines component objectives, functional, performance, 
security, hardware, human engineering, and interface characteristics. 
In addition, this chapter graphically depicts the functional component 
in terms of inputs, processes, outputs and interfaces. 


1.3 REFERENCES


The PRIM Project Team is utilizing a number of documents, publi- 
cations and other reference material in writing the PRIM System Defi- 
nition Document. They are listed in Table 1 below. 
TABLE 1


Documents, Publications and Reference Material


1. ODP Applications Documentation Standards

2. FIPS PUBS 38, U. S. Dept. of Commerce (NBS), 15 Feb 1976,
   'Guidelines for Documentation of Computer Programs and
   Automated Data Systems'

3. DeMarco, Tom, 'Structured Analysis and System
   Specification', (Prentice-Hall Software Series),
   1979 by Yourdon Inc.

4. Metzger, Philip W., 'Managing a Programming Project',
   1973 by Prentice-Hall, Inc.

5. PRIM System Development Plan

6. PRIM Detailed System Requirements Document
Chapter 2


SYSTEM DEFINITION 


2.1 SYSTEM DESCRIPTION 


The PRIM System will provide a centralized data base for decentralized 
query by the Personnel Officer, Career Management Officer, Office Di- 
rector, or Training Officer of a component in direct support of the 
component's day-to-day personnel management activities. The PRIM Sys- 
tem will also assist the components in planning and projecting person- 
nel assignments and Career Management activities by providing files 
for a component's use. Components will have the capability to enter, 
update (add, change, delete) and retrieve component data from these 
files. 


To accomplish these two major functions, the PRIM Data Base will 
have two distinctly different sets of files. The first set of files 
(centralized data files) will centralize official data from the Human 
Resources System (HRS2 Data Base) and the second set of files (compo- 
nent data files) will be used as component work files. 


The PRIM centralized data files will receive data via extracts 
and loads from the HRS2 Data Base. Data loaded into the PRIM Data 
Base from the HRS2 Data Base cannot be updated by the components and 
can only be changed by another extract from the HRS2 Data Base. 


The PRIM component data files will be used by the components to 
project personnel assignments, perform career management activities, 
or perform other tasks unique to their component. Unlike the central- 
ized data files described above, these component data files can be 
added to, deleted from, and changed by the components. 


The PRIM System will give the components the capability to create 
reports from the PRIM Data Base using data from either the centralized 
data files and/or their own component data files. Components will be 
able to produce reports online, offline, or graphically. Office of 
Personnel reports from the HRS2 Data Base will, however, continue to 
be the official reporting mechanism for components reporting to the 
Directorate-Level. 


The term component in the context of this Section is defined as a 
separate entity in the Agency's organizational structure be it a di- 
rectorate level, an office, a staff, a division, a service, or a 
center. 


PRIM component data access will be controlled through a security
matrix which will protect data from unauthorized access. Components 
will use the PRIM centralized data files for decentralized query of 
all people assigned to that component or having that component's ca- 
reer service designation. All queries made to official data files or 
read and/or write accesses to component data files will be conducted 
through a security matrix which will restrict a user to predetermined 
records, items, and/or files. 


Figure 1.1 and Figure 1.2 of the Appendix illustrate the four
(4) major functional components of the PRIM System. See the following 
sections for detailed definitions of the major functional components. 


1. Centralizing Official Data for Component Access (Personnel Data 
Files) (Section 3.1) Releases 1, 3, and 5. 


2. Component Data Files (Section 3.2) Releases 2 and 4 
3. Controlled Component Data Access (Section 3.3) 


4. Data Retrieval by Components (Section 3.4) 


2.2 SYSTEM OBJECTIVES 
The four major objectives of PRIM are to provide: 


o a means whereby components can access
selected official data currently resident on 
the HRS2 Data Base, 


o working files for component use in 
planning and projecting personnel assignments, 


o a security matrix to restrict a component 
to only data prespecified for that component's access. 


o a component with the capability to create
reports with data stored in both the centralized 
data files and the component's data files. 


2.3 SYSTEM INTERFACES 


The PRIM System will interface with the Human Resources System (HRS2 
Data Base) of the Office of Personnel. Data will be transferred from 
the HRS2 Data Base and loaded into the PRIM centralized data files on 
a pre-arranged schedule. This data cannot be updated by components 
and can only be changed via another extract from the HRS2 Data Base. 
The data exchanged will include classes such as: employee, organiza- 
tional/position, and validation. Figure 2 of the Appendix graphically 
depicts the HRS2 Interface and the classes of data exchanged. 


Figure 3 of the Appendix graphically depicts the system-level data
flow. 


Approved For Release 2005/08/02 : CIA-RDP88-00893R000200060007-0 
UNCLASSIFIED 


SDD-C20-1B 


Chapter 3 


FUNCTIONAL COMPONENT DEFINITIONS 


This chapter will describe the functional, performance, security, 
hardware, human engineering, and interface characteristics for each of 
the functional components of the PRIM System. This chapter will also 
restate the objective and provide a graphic illustration of each func- 
tional component. 


3.1 CENTRALIZING OFFICIAL DATA FOR COMPONENT ACCESS 


3.1.1 Component Objectives 


The PRIM System will provide a centralized data base for Agency compo- 
nents to retrieve official data (organizational, position and employ- 
ee data) currently resident in the Human Resources System (HRS2 Data 
Base). This is a major requirement of PRIM because the HRS2 Data Base 
is not available for Agency components to access. 


3.1.2 Functional Characteristics


Components have a constant need to reference data in the HRS2 Data 
Base. The HRS2 Data Base has limited access in order to protect the 
integrity and performance of the official data stored in the HRS2 Data 
Base. By transferring this data from the HRS2 Data Base into the PRIM 
Data Base, the components will have an accurate up-to-date source for 
official data. The data moved from HRS2 will be identical in PRIM and 
will be changed only by another data move from HRS2. 


Reporting capabilities will be established to allow component re- 
porting from the centralized data files. (See Data Retrieval by Com- 
ponents) 


The term components in the context of this section is defined as a 
separate entity in the Agency's organizational structure be it a Di- 
rectorate-Level, an office, a staff, a division, a service, or a 
center. 


Security restrictions will limit a component to queries and
reports on only data which pertains to that component. (See Control- 
led Component Data Access) 


3.1.3 Performance Characteristics 


The PRIM System will be designed to provide up-to-date official data 
(organizational, position and employee) for queries and reports gener- 
ated by components. PRIM will receive this data from HRS2 on a pre- 
arranged schedule. Changes to these PRIM files will only be made as a 
result of another extract and load from HRS2 to PRIM. This controlled 
movement of data will guarantee that the data made available to the 
components in the PRIM centralized data files is identical to the data
in the corresponding official HRS2 data files. 


The DBMS must support queries and reports requesting data from up 
to 30 different user data files utilizing a minimum of 70 edit/valida- 
tion dictionaries. 


The initial timing requirement for transferring data to the PRIM 
Data Base will be scheduled to coincide with the update process of 
data in the HRS2 Data Base. The extract of HRS2 data for updating the 
PRIM System must occur after the complete nightly update of the HRS2 
Data Base. This operation will be performed by the DBCC/IMD/ODP.


The centralized data files of the PRIM Data Base must be in sync 
with the corresponding files in the HRS2 Data Base at the beginning of 
each business day. To guarantee this data base file balance, a report 
will be produced daily for the PRIM Data Base Manager which will give 
the number of records moved, the number of records loaded, the sending 
file, and the receiving file. 


The PRIM System will be available for all components during nor- 
mal hours (Monday through Friday from 0700-2000 hours) and other than 
normal hours by advanced request. A degraded mode should only affect 
response time and should not last for more than one day. 


Under a normal working mode, 95% of the direct queries against 
the consolidated data files will complete in 4 seconds and a complex 
query (end-to-end search) will complete at the rate of 2000 records 
per minute. 


The PRIM System will provide consistent responses for queries as 
long as the data and/or the software has not been changed by an up- 
date. 


The estimated number of concurrent users for the PRIM Data Base
could be as high as 200. The estimated number of users for the first
release will be very low (4-10 components). Subsequent components will be
granted access based on ODP and PERS available resources. Components 
will be asked to have a limited number of designated people who will 
actually access the data, e.g., Personnel Officer, Career Management
Officer, or Training Officer. 


Software errors will be given immediate attention. Software en- 
hancements will be documented to guarantee ease in future maintenance. 
The PRIM System will be designed to allow future expansion with little 
effect on the maintainability of the software.


3.1.4 Security Characteristics 


Security in the PRIM Data Base will control the read access to cen- 
tralized data files, to records within these files, and to specific 
data elements within the records. Security controls will restrict a 
component to query and report on organizational, position, and employ- 
ee data in their respective components or data which has been passed 
electronically. The security controls will also prevent anyone from 
entering new data, deleting data, or changing data values of the HRS2 
data stored in the PRIM centralized data files. Components will be 
asked to have a limited number of designated people who will actually 
access the data, e.g., Personnel Officer, Career Management Officer,
or Training Officer. 


Different levels of data will be required by different compo- 
nents. The Directorate-Level will require retrieval access to records 
of employees assigned to all offices under the Directorate or who have 
a Grandfather Career Service Designation associated with the Director- 
ate. However, a component will require access to the records of em- 
ployees who have the service designation of that office, or who are 
assigned to that office. Security may be imposed on specific attri- 
butes within a file. Only designated personnel such as those respon- 
sible for preparing applicant and promotion data for Uniform Selection 
Review Reports can have access to race code. 


The PRIM software identified as the latest production release 
will be completely isolated from all development activity. There will 
be stringent control procedures established for updating the PRIM pro- 
duction software. The version of the PRIM software accepted by the 
user will be the version baselined as operational. 


All of the Data Base Management System software related to con- 
trolling read access to the PRIM System and to data in the centralized 
data files is highly sensitive and will be limited to only the indi- 
viduals needing the information. 


The PRIM System will provide daily reports to the PRIM DBM list- 
ing violations of established read and/or write access control to the 
PRIM System. 


All acceptance testing and production activity performed outside 
of our Headquarters building must utilize only equipment approved for 
classified use. 


3.1.5 Hardware Characteristics


The volume of data and the number of concurrent users accessing the
PRIM System requires a main frame computer. Peripherals in common use
include video terminals (Delta Data 5000 or 7260 series) printers (TI
Silent 700, Design 100). The PRIM System will utilize these devices
as long as it is efficient.


The PRIM centralized data files will be accessed by components
through existing equipment. Components will be responsible for
acquiring any additional equipment needed to access the PRIM system.
Any equipment, specifically terminals or printers, currently installed
or newly acquired by the components, must comply with standard Agency
computer security regulations.


3.1.6 Human Engineering Characteristics


The PRIM System will be designed to be used by non-technical
professionals and support personnel. Therefore, PRIM will be simple to
use and provide guidance by responding with clear, concise and
understandable messages.


The PRIM System will be designed to facilitate data retrieval
from the centralized data files by components utilizing the techniques
of menus or prompts.


The PRIM software in development/maintenance must be carefully
controlled and documented so all personnel involved are totally aware
of the status. All PRIM software will be thoroughly tested using an
Acceptance Test Plan and will be accepted by the user before it is
moved to the Production System.


3.1.7 Interface Characteristics


An interface is required with the HRS2 Data Base where the source data
currently resides or where it will reside when it is due in the PRIM
Data Base. An HRS2/PRIM interface will be the only means of updating
the PRIM centralized data files.


Currently, extract and load will be the mechanism used for this
interface. However, if a new mechanism is made available in a future
GIM release, the interface mechanism will be reconsidered. The PRIM
Data Base will be built and provided to the customer in five (5)
releases. The first, third, and fifth releases will expand the size of
the interface between HRS2 and PRIM as described below:


The first release of PRIM will make available to the components
the most frequently requested HRS2 data (employee, organizational, and
position, and HRS2 data needed for query). These data lists are NAME,
PERSIGN, QUAL(Active), HPOSNR, LREQID, ORGCODE, POSNR, and STRENGTH.


The first release of the PRIM System requires data values from 63
HRS2 COMVAD dictionaries. These dictionaries are needed for data val- 
idations and text retrieval when querying and reporting from the PRIM 
Data Base. 


The third release of PRIM will include seven additional HRS 
projects and supporting dictionaries in the HRS2/PRIM interface. 
These projects are: CEMLOC, CIARDS, CTP, PERFIT, PERSEAS, CENQUAL 
(QUACOM), and TRAIN. CEMLOC is scheduled to be made part of the HRS2 
Data Base. 


The fifth release of PRIM is IAPS, Integrated Applicant Process- 
ing System (presently CAPER), a system planned for incorporation into 
development in the HRS2 Data Base. If IAPS is added to the HRS2 Data 
Base, it will also be included in the PRIM System as Release 5 and 
will be included in the HRS2/PRIM interface schedule. If IAPS is not
made a part of the HRS2 Data Base, there are no plans to incorporate 
it into PRIM. 


It is important that a good communication link be established be- 
tween the data base managers and the Primary Applications Specialists 
(PAS) for the HRS2 Data Base and the PRIM Data Base. This link will 
guarantee that dictionary changes made to data lists in the HRS2 Data 
Base and affected by the HRS2/PRIM interface are simultaneously incor- 
porated in the PRIM Data Base. 


3.1.8 Component Description 


Figure 4 of the Appendix graphically depicts the interface be- 
tween the HRS2 Data Base and the PRIM System to centralize official 
data for component use. 


3.2 COMPONENT DATA FILES 


3.2.1 Component Objectives 


Another major objective required in the PRIM System is to provide
component data files for components to enter, update, and retrieve
their own component data.


The term component data refers to any data not transferred into the 
PRIM System from an external System thereby, requiring data entry by 
the components of their own data. 


3.2.2 Functional Characteristics


The Component data files will be used by the Components as work files 
for planning and projecting personnel assignments, Career Management 
activities, and Directorate-Level reporting. These files will also 
have some reserved fields that can be used by individual components 
for their specific needs. 


The Component Files are to be a mirror like image of the Of- 
ficial file fields (PERSIGN, POSNR, ORGCODE) moved to the component 
file area. Based on the selection criteria for that particular compo- 
nent, data lists would be created of PERSIGN, POSNR, and ORGCODE with 
new fields (from Release 2 questionnaire) and reserve fields. The 
components must have the add, change, and delete capability to key in- 
formation into these fields if they wish the data to be different from 
the official record. When the component adds a potential reassign- 
ment-in record to the component file, a check must be made to ensure 
the SSN is in the component's SEGACCESS segment. If it is not, then
the losing component must transfer the record to the gaining component 
which would permit access to the record. If it is a potential new 
EOD, a check of SEGACCESS and PERSIGN would indicate no official re- 
cord of the SSN and then the component could add the SSN. A flag 
would be generated on a field that is being changed by the component. 
Over the weekend the linking procedure would be initiated and the of- 
ficial files would be made current. The fields in the official and 
the component files would then be compared. If the fields are differ- 
ent and the component fields have no flag, the component fields would 
be changed to equal the official fields. If the fields are equal and 
the component fields have a flag, the flag would be deleted. If the 
fields are different, and the component fields have a flag, the compo- 
nent fields are not changed. 


A compare of the active SEGACCESS segment to the component 
SEGACCESS segment would either add new SSNs (EODs) or delete SSNs 
(separations which moved from PRIM PERSIGN to PRIMSEP). These records 
respectively would be added to or deleted from the component PERSIGN 
file. This compare would also apply to POSNR and ORGCODE. 
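

The weekend linking comparison and the SEGACCESS compare described above, worked through in Python as an added example (not part of the original document or of the PRIM software). The field name grade, the sample values and the placeholder SSNs are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ComponentRecord:
    """One component work-file record: field values plus per-field flags."""
    values: dict
    flags: set = field(default_factory=set)   # fields the component changed

    def component_update(self, name, value):
        # A component edit stores the new value and flags the field.
        self.values[name] = value
        self.flags.add(name)


def link_record(official, comp):
    """Apply the three comparison rules to one record.

    Returns an audit list of (field, action) so that every overwrite and
    every surviving divergence from the official record is visible.
    """
    actions = []
    for name, official_value in official.items():
        differs = comp.values.get(name) != official_value
        flagged = name in comp.flags
        if differs and not flagged:
            # Unflagged difference: the component copy is stale.
            comp.values[name] = official_value
            actions.append((name, "set to official value"))
        elif not differs and flagged:
            # Official data caught up with the component's change.
            comp.flags.discard(name)
            actions.append((name, "flag deleted"))
        elif differs and flagged:
            # Deliberate component change: leave it alone.
            actions.append((name, "component value kept"))
        # equal and unflagged: nothing to do
    return actions


def compare_segments(active_ssns, component_ssns):
    """Return (SSNs to add, SSNs to delete) for the component file."""
    return (sorted(active_ssns - component_ssns),
            sorted(component_ssns - active_ssns))


def demo():
    # Constructed sample: component copy as of last week's official data.
    comp = ComponentRecord({"orgcode": "A10", "posnr": "0040", "grade": "GS-11"})
    comp.component_update("orgcode", "B20")   # projected reassignment
    comp.component_update("posnr", "0055")    # planned position change
    # Constructed official values after the weekend load from HRS2.
    official = {"orgcode": "B20", "posnr": "0040", "grade": "GS-12"}
    actions = link_record(official, comp)
    return comp, actions


if __name__ == "__main__":
    record, audit = demo()
    for entry in audit:
        print(entry)
    print(record.values, record.flags)
```

The returned audit list matters for integrity review: a flagged field keeps diverging from the official record until the two values agree again.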


The components need a user-friendly method of updating their com- 
ponent files such as general purpose update menus which allow the 
users to simply enter the changes desired to their record fields. 


A menu will be designed to enable the components to establish ed- 
its and validations for their reserve fields. This menu would permit 
the components to use the same fields created for the component files 
but establish unique edits and validations, e.g. length of field, re- 
name the fields, alpha/numeric, for their specific fields and store 
them in a file with a unique name using their signon org. There 
should be a tie-in of their signon org to this file for retrieval pur- 
poses. Upon updating their component files, the update menus must 
call in this specific edit/validation file unique to the component and
use it in conjunction with the input menu.


A skeletal manning table menu will be designed to produce a basic 
manning table sorted by orgcode, position sequence number similar to 
the current Staffing Complement produced by the Office of Personnel. 
Menus are needed to simplify the capability to add or change the 
fields that print out on the manning table. The purpose of creating a 
component manning table is to pull both official and component data 
together to produce a management tool for planning purposes. 


Components must have access to data on employees who have been 
nominated for assignment to their component. When an employee has 
been nominated for reassignment consideration to another component, 
the losing component must be able to electronically provide requested 
employee data from the PRIM System to the gaining component. A re- 
quest for this data must be initiated by the gaining component and is 
limited to the data available in the PRIM System. The requested data 
will be basic employee data as is normally found in a Biographic Pro- 
file Report. 


This paragraph deleted. 


The reporting capabilities established for the centralized data 
files will also be available for components to report from their work 
files. (See Data Retrieval by Components) 


Security restrictions will limit a component to queries and re- 
ports from only its component work file. (See Controlled Component
Data Access) 


3.2.3 Performance Characteristics 


The Component data files will be for the express use of the Components 
to perform data manipulation when planning and projecting personnel 
assignments, and later in Release 4 for a Career Management package. 
Unlike the centralized data files, the data files can be added to, de- 
leted from, and changed by the components. 


The PRIM System will be available for all components during nor- 
mal hours (Monday through Friday from 0700-2000 hours) and other than 
normal hours by advanced request. A degraded mode should only affect 
response time and should not last for more than one day. Response 
time for 95% of the direct queries should be 4 seconds and a complex 
query (end-to-end search) at the rate of 2000 records per minute. 


The PRIM System will provide consistent responses for queries and 
updates as long as the data and/or the software has not been changed 
by an update. The estimated concurrent users for the PRIM Data Base 
could be as high as 200 when all releases have been completed.
Component data files will not be available in Release 1; edit and
validation of component data files, built-in flexibility, and update 
response level will be defined in the detailed requirements for Re- 
lease 2 of the PRIM System. 


The official files that are duplicated in the component files 
will retain the same edits and validations that the official files 
have. New fields created for the component files will have specific 
edits and validations, e.g. new date fields created in component files 
will be input in the same manner and stored the same as a date field 
in the official files. The reserve fields will have specific length 
edits. 


Components will be responsible for updating their component
files via menus. Using these menus will result in a direct update
to their files. Menus developed for Release 2 must provide the
flexibility of changing fields that are printed on the manning table
report. Reserve fields will be created to provide flexibility in
allowing components to store their own unique personnel data.


The DBMS must support queries and reports requesting data from up 
to 30 different user data files utilizing a minimum of 70 edit/valida- 
tion dictionaries. 


A daily backup with audit trails of all updates to data and soft- 
ware will be done automatically for the PRIM System. One daily backup 
per week will be stored in a location other than the primary use area 
and one daily backup per month will be stored at an off-site location. 


The capability will exist to restore the PRIM System as of the 
close of business the previous day, and also reprocess activity for 
the current day. This restore/reprocess procedure will take less than 
2 hours and will be done by the DBCC/IMD/ODP at the request of the 
PRIM Data Base Manager. 


After a temporary system halt which does not require a complete 
restart of the system or reinitiation of a signon, any active computer 
process which was interrupted will be restarted without user interven- 
tion. 


3.2.4 Security Characteristics 


In Release 2 the Data Base Manager will create a new SYSMAN2 en- 
try which will provide the update capability to only those individuals 
identified by the component. A limited number of designated users, 
determined by the component managers, will be given the capability to 
add, change, and delete data in the component files. 


The capability to update must be controlled separately from the 
capability to retrieve component data. Likewise, the capability to 
retrieve each type of component data, i.e., future personnel
assignments, Career Management data, and Directorate-Level data must 
be controlled separately. Each component manager must identify each 
capability required for each System user, and notify the PRIM Data 
Base Manager. The Data Base Manager should also be notified of any 
changes in access requirements. 


Components will be asked to have a limited number of designated 
people who require read and/or write access to the PRIM Data Base, 
e.g., Personnel Officer, Career Management Officer, or Training Offi- 
cer. 


Other U.S. Government employees responsible for the Administrative
control of Joint National Programs require read and/or write access
to the PRIM Data Base. (TBR)


All Acceptance Testing and Production activity performed outside 
of the Headquarters building will utilize only equipment approved for 
classified use. This is required because the data used from Accep- 
tance Testing onward is classified information. The PRIM component 
data files will not be affected by changes to the main frame computer, 
and new online equipment must be compatible to the existing online 
equipment. 


The secure operation of the PRIM System requires that specific
software controls be placed on all users. The controls are needed to 
assist in the protection of sensitive data stored in the PRIM Data 
Base from unauthorized disclosure, modification or destruction. Use 
of the PRIM System from remote terminals must be controlled by an au- 
thorized identifier (USERID) and then authenticated with a classified 
password. 


The PRIM software in development/maintenance must be carefully 
controlled and documented so all personnel involved are totally aware 
of the status. All PRIM software will be thoroughly tested using an 
Acceptance Test Plan and will be accepted by the user before it is 
moved to the Production System. 


All of the Data Base Management System software related to con- 
trolling read/write access to the PRIM System and to data in the com- 
ponent data files is highly sensitive and must be limited to only the 
individuals needing the information. 


3.2.5 Hardware Characteristics


The volume of data and the number of concurrent users accessing the 
PRIM System requires a main frame computer. Peripherals in common use 
include video terminals (Delta Data 5000 or 7260 series) printers (TI 
Silent 700, Design 100). The PRIM System must utilize these devices 
as long as it is efficient. 


The PRIM component data files will be accessed by the individual
components through existing equipment. The components will be
responsible for acquiring any additional equipment needed to access
the PRIM System. Any equipment, specifically terminals or printers,
currently installed or newly acquired by the components, must comply
with standard Agency computer security regulations.


3.2.6 Human Engineering Characteristics 


The PRIM component data files (work files) will be designed to be used 
by non-technical professionals and support personnel. Therefore, PRIM 
will be simple to use and provide guidance by responding with clear, 
concise and understandable messages. 


The PRIM component data files must be designed to facilitate data 
entry and data retrieval by components utilizing the techniques of 
menus or prompts. The PRIM software identified as the latest produc- 
tion release will be completely isolated from all development activi- 
ty. There will be stringent control procedures established for updat- 
ing the PRIM production software. The version of the PRIM software 
accepted by the user will be the version baselined as operational. 


3.2.7 Interface Characteristics 


The interface with the HRS2 Data Base will also include some valida- 
tion dictionaries to be used to validate data input into prespecified 
attributes of the component data files. Validation of reserved fields 
will be the responsibility of the individual components via the edits 
and validations established in Release 2. 


3.2.8 Component Description 


Figure 5 of the Appendix graphically depicts the component data 
files in the PRIM Data Base and how they will be used by the compo- 
nents. 


3.3 CONTROLLED COMPONENT DATA ACCESS 


3.3.1 Component Objectives 


One of the major functions of the PRIM System is to provide a means of 
restricting components to only that data which pertains to that compo- 
nent. 


3.3.2 Functional Characteristics


The PRIM Data Base has a requirement for a special security matrix 
system which will control the read and/or write access to files, to 
records within these files, and to specific data elements within the 
records. Standard security provided with a GIMS data base can provide 
the security needed on a particular attribute or to a particular file. 
Standard GIMS security, however, cannot selectively restrict a user to 
only specific records in a file. Components will be asked to have a 
limited number of designated people who will actually access the data, 
e.g., Personnel Officer, Career Management Officer, or Training Offi- 
cer. 


Contractors will not have read/write access to classified data 
either in development or production. 


The major security requirement is to control the read/write ac- 
cess of a component so they can only 


1. query and report on organizational, position and employee data, 
2. enter, update, and retrieve component data, 


3. access only the records for individuals assigned to 
that component, or have the Career Service Designation 
of that component, and 


4. access data passed electronically between components for 
individuals with an upcoming assignment to that component. 


The Directorate-Level requires query and report access to offi- 
cial position data, as well as data for employees assigned to every 
office within that Directorate or who have a Grandfather Career Ser- 
vice Designation associated with that Directorate. 


Other U.S. Government employees responsible for the Administra- 
tive control of Joint National Programs require read and/or write ac- 
cess to the PRIM Data Base. 


Security controls must restrict other U.S. Government employees 
to only 


o query and report on organizational, position 
and employee data, and 


o enter, update, and retrieve component data 
for only those individuals assigned to a 
specific Joint National Program (TBR)


There must be limited read access to an employee's race code. 
Only designated personnel such as those responsible for preparing ap- 
plicant and promotion data for Uniform Selection Review Reports can 
have read access to this code. 


3.3.3 Performance Characteristics


The security requirements placed on the PRIM System require that all 
data access be through a controlled mode. Software controls will be 
placed on all users to assist in the protection of sensitive data 
stored in the PRIM component work files from unauthorized disclosure,
modification or destruction. Through this controlled mode, a strict 
security check can be imposed to restrict a component's retrieval (ex- 
tract or query) to only data prespecified for that component. 


The security controls must prevent anyone from adding, deleting, 
or changing official data stored in the PRIM Data Base. 


Update and retrieval capabilities of component data must be 
available to the component users. The capability to update must be 
controlled separately from the capability to retrieve component data. 
Likewise, the capability to retrieve each type of component data, 
i.e., future personnel assignments, Career Management data, and
Directorate-Level data must be controlled separately. Each component
manager must identify each capability required for each system user, and
notify the PRIM Data Base Manager. Further security restrictions can 
be established by components on work files to specific individuals for 
specific tasks (retrieval, input, delete, change, extract). 


The PRIM System will be designed so no one can inadvertently af- 
fect the established access of other PRIM users, the established or- 
ganization of the PRIM Data Base, or the values stored in the PRIM 
Data Base. 
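

The record-level and capability rules of sections 3.3.2 and 3.3.3, sketched in Python as an added illustration that is not part of the original document or of the PRIM software. The capability names, the components "A" and "B", and all sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Capability names are assumptions; the SDD only requires that update and each
# kind of retrieval be granted to a user separately.
RETRIEVE_OFFICIAL, RETRIEVE_COMPONENT = "retrieve_official", "retrieve_component"
UPDATE_COMPONENT, READ_RACE_CODE = "update_component", "read_race_code"
OFFICIAL, COMPONENT = "official", "component"  # kinds of data file
REQUIRED = {(OFFICIAL, "read"): RETRIEVE_OFFICIAL,
            (COMPONENT, "read"): RETRIEVE_COMPONENT,
            (COMPONENT, "write"): UPDATE_COMPONENT}


@dataclass(frozen=True)
class User:
    userid: str
    component: str
    capabilities: frozenset = frozenset()


@dataclass
class Record:
    kind: str                       # OFFICIAL or COMPONENT
    assigned: str                   # component the individual is assigned to
    designation: str                # component of the Career Service Designation
    upcoming: Optional[str] = None  # component of an upcoming assignment
    owner: Optional[str] = None     # COMPONENT data only: owning component
    fields: dict = field(default_factory=dict)


def record_in_scope(user, rec):
    """Record-level rule: assigned to, designated to, or about to join the component."""
    return user.component in (rec.assigned, rec.designation, rec.upcoming)


def authorize(user, action, rec, element=None):
    """Return (allowed, reason) for a read or write of one record or one data element."""
    if rec.kind == OFFICIAL and action == "write":
        return False, "official data is read-only"
    if not record_in_scope(user, rec):
        return False, "record outside component scope"
    if rec.kind == COMPONENT and rec.owner != user.component:
        return False, "work file of another component"
    needed = REQUIRED.get((rec.kind, action))
    if needed is None or needed not in user.capabilities:
        return False, "capability not granted"
    if element == "race_code" and READ_RACE_CODE not in user.capabilities:
        return False, "race code restricted"
    return True, "ok"


def query(user, records):
    """Retrieval in controlled mode: drop out-of-scope records, then withheld elements."""
    rows = []
    for rec in records:
        if authorize(user, "read", rec)[0]:
            rows.append({k: v for k, v in rec.fields.items()
                         if authorize(user, "read", rec, element=k)[0]})
    return rows


# Constructed sample data: components "A" and "B" and every value are invented.
RECORDS = [
    Record(OFFICIAL, "A", "A", fields={"emp": "E1", "grade": "GS-12", "race_code": "x"}),
    Record(OFFICIAL, "B", "A", fields={"emp": "E2", "grade": "GS-11", "race_code": "x"}),
    Record(OFFICIAL, "B", "B", upcoming="A", fields={"emp": "E3", "grade": "GS-09"}),
    Record(OFFICIAL, "B", "B", fields={"emp": "E4", "grade": "GS-13"}),
    Record(COMPONENT, "A", "A", owner="A", fields={"emp": "E1", "training": "planned"}),
    Record(COMPONENT, "B", "A", owner="B", fields={"emp": "E2", "training": "done"}),
]
OFFICER = User("U1", "A", frozenset({RETRIEVE_OFFICIAL, RETRIEVE_COMPONENT, UPDATE_COMPONENT}))
REVIEWER = User("U3", "A", frozenset({RETRIEVE_OFFICIAL, READ_RACE_CODE}))
```

The check order matters: the read-only rule for official data and the record scope are evaluated before any capability, so a granted capability can never widen a component's view beyond its own records.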


3.3.4 Security Characteristics 


Request for access to the PRIM Data Base can only be initiated by 
preauthorized persons in each component through the PRIM Data Base 
Manager. The security matrix will be monitored and updated by the 
data base manager. The secure operation of the PRIM System requires 
that specific software controls be placed on all users. The controls 
are needed to assist in the protection of sensitive data stored in the 
PRIM Data Base from unauthorized disclosure, modification or destruc- 
tion. Access to the PRIM System from remote terminals will be con- 
trolled by an authorized identifier (USERID) and then authenticated 
with a classified password. 


A daily report will be provided to the PRIM Data Base Manager 
identifying any violations of established access control to the PRIM 
System. This report will be similar to a report produced on the HRS2 
Data Base. The report will identify persons who are forced off the 
PRIM System after three (3) security code violations. The report will 
list: 


1. Data Base Name,
2. User Identification,
3. Terminal Identification,
4. Date and Time of violation,
5. If appropriate,
   a) Data List Name,
   b) Transaction Number, and
   c) Verb Name.
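

One way the daily violation report described above could be assembled, shown as an added Python illustration that is not part of the original document or of the PRIM software. The pipe-delimited log layout, the user, terminal and data list identifiers, and the counting of the three violations per USERID per day are assumptions.

```python
from collections import Counter
from datetime import date, datetime

FORCE_OFF_AFTER = 3  # SDD: forced off after three security code violations

# Constructed sample log. The pipe-delimited layout is an assumption: the SDD
# names the report fields, not the format in which violations are recorded.
# timestamp|data base|userid|terminal|data list|transaction|verb
SAMPLE_LOG = """\
1984-06-28T08:01:12|PRIM|USR014|T0231|||
1984-06-28T08:01:40|PRIM|USR014|T0231|||
1984-06-28T08:02:05|PRIM|USR014|T0231|||
1984-06-28T09:15:00|PRIM|USR020|T0107|WORKFILE1|000412|CHANGE
1984-06-28T10:30:45|PRIM|USR020|T0107|WORKFILE1|000419|DELETE
1984-06-27T16:44:10|PRIM|USR033|T0555|WORKFILE2|000388|EXTRACT
this line is damaged
"""


def parse_line(line):
    """Split one log line into the fields the report must list; None if malformed."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 7 or not all(parts[:4]):
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    keys = ("data_base", "userid", "terminal", "data_list", "transaction", "verb")
    event = {k: (v or None) for k, v in zip(keys, parts[1:])}
    event["when"] = when
    return event


def daily_violation_report(log_text, day):
    """Build the report for `day`: each violation, who was forced off, unreadable lines."""
    events, rejected = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            rejected.append(n)  # surfaced in the report, never silently dropped
        elif ev["when"].date() == day:
            events.append(ev)
    events.sort(key=lambda e: e["when"])
    counts, forced_off = Counter(), []
    for ev in events:
        counts[ev["userid"]] += 1  # assumption: counted per USERID per day
        if counts[ev["userid"]] == FORCE_OFF_AFTER:
            forced_off.append((ev["userid"], ev["terminal"], ev["when"]))
    return {"day": day, "violations": events, "forced_off": forced_off,
            "rejected_lines": rejected}


def render(report):
    """Format the report as text; the 'if appropriate' fields appear only when present."""
    out = [f"PRIM ACCESS VIOLATIONS {report['day'].isoformat()}"]
    for ev in report["violations"]:
        cols = [ev["data_base"], ev["userid"], ev["terminal"],
                f"{ev['when']:%Y-%m-%d %H:%M:%S}"]
        cols += [f"{label}={ev[key]}" for key, label in
                 (("data_list", "LIST"), ("transaction", "TXN"), ("verb", "VERB"))
                 if ev[key]]
        out.append(" ".join(cols))
    for user, term, when in report["forced_off"]:
        out.append(f"FORCED OFF: {user} at {term} {when:%H:%M:%S}")
    if report["rejected_lines"]:
        out.append(f"UNREADABLE LOG LINES: {report['rejected_lines']}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(daily_violation_report(SAMPLE_LOG, date(1984, 6, 28))))
```

Listing unreadable log lines in the report itself keeps a damaged or tampered record from disappearing without the Data Base Manager seeing it.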


The PRIM software identified as the latest production release 
must be completely isolated from all development activity. There must 
be stringent control procedures established for updating the PRIM pro- 
duction software. The version of the PRIM software accepted by the 
User must be the version baselined as operational. 


The PRIM software in development/maintenance must be carefully 
controlled and documented so all personnel involved are totally aware 
of the status. All PRIM software must be thoroughly tested using an 
Acceptance Test Plan and must be accepted by the User before it is 
moved to the Production System. 


All of the Data Base Management System software related to con- 
trolling read and/or write access to the PRIM System and to data in 
the PRIM System is highly sensitive and must be limited to only the 
individuals needing the information. 


3.3.5 Hardware Characteristics 


The PRIM System will be accessed by the individual components through 
existing equipment. Peripherals in common use include video terminals 
(Delta Data 5000 or 7260 series) printers (TI Silent 700, Design 100). 
The components will be responsible for acquiring any additional equip- 
ment needed to access the PRIM System. Any equipment, specifically 
terminals or printers, currently installed or newly acquired by the 
components, must comply with standard Agency computer security regula- 
tions. 


All Acceptance Testing and Production activity performed outside 
of the Headquarters building must utilize only equipment approved for 
classified use. 


3.3.6 Human Engineering Characteristics


The PRIM System will be designed to be used by non-technical profes- 
sionals and support personnel. Therefore, PRIM will be simple to use 
and provide guidance by responding with clear, concise and understand- 
able messages. Access to the PRIM Data Base as viewed by the User 
must not exceed two verification processes requiring a correct re- 
sponse by the User. 


The PRIM System must be designed to facilitate data entry and 
data retrieval by components utilizing the techniques of menus or 
prompts. A periodic Data Base Exception Report will be produced to 
identify query statements executing longer than 1 2/3 minutes (100 
seconds). The report will be used by the Data Base Manager to focus 
on component areas that may need guidance on creating cost effective 
queries. The report will include the following data: 


o data base name,
o data list name,
o user identification,
o terminal identification,
o user organization,
o date and time of exception,
o transaction number, and
o verb executing.


3.3.7 Interface Characteristics 


An interface is required with the HRS2 Data Base to acquire data from 
PERSIGN's INTERFACE Data List. The INTERFACE Data List contains data 
which will be used to update the PRIM security matrix used by compo- 
nents to retrieve data from the PRIM Data Base. 


An extract will be used to pull the necessary data from the 
PERSIGN INTERFACE Data List resident on the HRS2 Data Base. The 
PRCHGLOAD procedure will then scan the PERSIGN's INTERFACE data for 
SSN changes, 'ZZ', 'RE', and 'SD' actions or any action changing Ser- 
vice Designation or ORG CODE and make the necessary updates to PRIM 
PERSIGN or PRIMSEP. The 'ZZ' action will be identified by the
procedure, but handled manually by the PRIM Data Base Manager.


3.3.8 Component Description 


Figure 6 of the Appendix will illustrate the level of security 
validations required for access to the PRIM System. 


3.4 DATA RETRIEVAL BY COMPONENTS


3.4.1 Component Objectives 


The PRIM System will provide the capability for components to generate 
their own online queries or reports, offline reports, or graphs uti- 
lizing official as well as component data. 


3.4.2 Functional Characteristics 


PRIM will allow components the flexibility of producing their own 
queries, reports, and graphs. The official Office of Personnel re- 
ports produced from the HRS2 Data Base are produced on a predetermined 
schedule and are produced for all components. Components will be al- 
lowed to use the Organizational, position, employee, or component data 
as well as data utilized for edit/validation functions within the PRIM 
Data Base for reporting purposes. These outputs represent working 
tools used by the Personnel Officer, Career Management Officer, Office 
Director, and the Training Officer of a component. Components plan to 
use the PRIM System reporting capabilities in their day-to-day manage- 
ment. Office of Personnel reports will continue to be the official 
reporting mechanism for components reporting to Directorate-Level. 


Some of the output reporting requirements will be for: 
Component generated online queries 
Component generated offline reports 
Component generated basic graphics capabilities 
Career Management Reports 
Data Base Reports for Statistics, Exceptions, and Security 
Data Dictionary Reporting 


The component online query requirements from PRIM are varied and 
will include such items as: 


1. List the Position, Schedule, and Grade of an employee 
to insure the proposed assignment conforms to 
Office of Personnel mandated Assignment Controls. 

2. Count Positions of a selected Occupational Series. 

3. Counts of LWOP Cases and NTE Dates. 

4. List date of last change to a position. 

5. Count of vacant positions. 

6. List the date a position was officially deleted. 

7. List daily strength for:

   part-time
   full-time
   Dev Comp
   LWOP
   Details in/out
   Sick Leave (approved for disability retirement)

8. List the Service Designation of a position
versus the incumbent.

9. List the Subcategory Code of a position.

10. List selected Cover Items.

11. List FLSA Designation of Employee.

12. List projected WGI to ascertain whether to hold
a promotion until the WGI is granted.


The component's offline report requirements will utilize the
reportwriter capability of GIMS as well as the RAMIS reportwriter avail-
able through the RAMGIM procedure. Examples of the offline reports
needed from PRIM are:


Directorate-Level Statistics 


To produce reports such as a Branch's production 
activities or analytical resource expenditures 
for a given period of time. 


Component Level Reports 


To produce reports of a component's active employees 
with a duty tour of part-time, sorted alphabetically 
by last name, with the employee's type of duty tour
and number of hours scheduled to be worked, and


To produce a report of a component's active staff 
employees, sorted by station location, and sorted 
alphabetically by employee's last name, and 


Career Management Reporting 


To produce reports such as a listing of employees 
with a particular schedule and grade level, with 
a specific career service designation, assigned 
to a particular area, and sorted by date of grade. 


RAMIS Graphics will also be used through the RAMGIM procedure to
produce very simple graphs utilizing 2 dimensions (x,y axes). Graphs
can be produced using histogram, bar, and point-plots.


An example of a typical graph is a Competitive Evaluation
Profile. This graph lists the evaluation criteria on one axis, the 
point values on the other axis. All evaluated employees are identi- 
fied to a particular peer group. Each peer group is represented by a 
graph showing the total counts for that group of how people were rated 
and printed at the appropriate intersection of the x and y axes. 


Standard Career Management Reports to be used Agency-wide will be 
produced in the PRIM Data Base. These reports, however, will not be 
created until PRIM Release 4. This requirement will be defined in de- 
tail in Release 4 design phase. 


3.4.3 Performance Characteristics 


Reports produced from the PRIM Data Base by component will be used as 
working tools by the component's Personnel Officer, Career Management 
Officer, Office Director, and Training Officer. Components will have 
the capability of creating reports using the data they are authorized 
to access. Under normal operating conditions, a report produced 
through the PRIM System should complete in 2 hours with a maximum 
overnight turnaround. Data from the PRIM Data Base can be displayed 
on a CRT terminal, thermal paper, computer paper, or cut paper. 


The PRIM Data Base must be in sync with the HRS2 Data Base at the 
beginning of business each day for each data list loaded to the PRIM 
System. A daily data base statistical report is required for the PRIM 
Data Base Manager. This report should be similar to the current GIMS 
II Data Base Statistics Report for the HRS2 Data Base. This report 
should be alphabetized by the PRIM Data List name and will include at 
a minimum the number of items in each Data List on the PRIM Data Base. 


The PRIM System will provide consistent responses for queries and 
extracts as long as the data and/or the software has not been changed 
by an update. The PRIM Data Base is estimated to have 200 concurrent 
users when all releases are available. The DBMS must support queries 
and reports requesting data from up to 30 different user data files 
utilizing a minimum of 70 edit/validation dictionaries. All of these 
files will not be needed in Release 1. 


Under a normal working mode, 95% of the direct queries against 
the consolidated data files will complete in 4 seconds and a complex 
query (end-to-end search) will complete at the rate of 2000 records 
per minute. 


Software errors will be given immediate attention. Software en- 
hancements will be documented to guarantee ease in future maintenance. 
The PRIM System will be designed to allow future expansion with little 
effect on the maintainability of the software.


The PRIM System must provide report writer software for the user
to produce their own output in report or graphic format, as well as
the capability to portray data on a CRT terminal, on computer paper,
or on cut paper.


Approved For Release 2005/08/02 : CIA-RDP88-00893R000200060007-0
UNCLASSIFIED
SDD-C20-1B


3.4.4 Security Characteristics 


Security controls will restrict a component to report on organization- 
al, position, and employee data which has been predefined for their 
access from the centralized data files or from its own component work
file. 


All components will be required to use Agency standard control/ 
classification labels for all online and offline reports, i.e., 
UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP SECRET. 


Components will be asked to have a limited number of designated 
people who require read and/or write access to the PRIM Data Base, 
e.g., Personnel Officer, Career Management Officer, or Training Offi- 
cer. Contractors must not have read/write access to classified data 
either in development or production. 


Security controls must restrict other U.S. Government employees 
to only 


o query and report on organizational, position and 
employee data, and 


o enter, update, and retrieve component data 


for only those individuals assigned to a specific Joint National Pro- 
gram. (TBR) 


There must be limited read access to an employee's race code. 
Only designated personnel such as those responsible for preparing ap- 
plicant and promotion data for Uniform Selection Review Reports can 
have read access to this code. 


Update and retrieval capabilities of component data must be 
available to the component users. The capability to update must be 
controlled separately from the capability to retrieve component data. 
Likewise, the capability to retrieve each type of component data, 
i.e., future personnel assignments, Career Management data, and
Directorate-Level data must be controlled separately. Each component
manager must identify each capability required for each system user, and
notify the PRIM Data Base Manager. 


Security controls must restrict a component to 


1. query and report on organizational, position 
and employee data, 


2. retrieve only its component data,


3. access only the records for individuals
assigned to that component, or have the 
Career Service Designation of that component, 


4. access data passed electronically between 
components for individuals with an upcoming 
assignment to that component. 


The Directorate-Level requires read access to the HRS2 data for 
organizational, position, and employee data for every office within 
the Directorate, or who have a Grandfather Career Service Designation 
associated with that Directorate. 


Retrieval capabilities of component data must be available to the 
component users. The capability to retrieve each type of component 
data, and Directorate-Level data must be controlled separately. Each 
component manager must identify each capability required for each sys- 
tem user, and notify the PRIM Data Base Manager. 


A standard report will be sent to the ACF2 Control Officer show- 
ing ACF2 violations by persons attempting to illegally access a data 
set. 

The PRIM System must provide daily reports to the PRIM Data Base 
Manager identifying any violations of established read and/or write 
access control to the PRIM System. The violations of established ac- 
cess control report should be similar to the HRS2 Data Base report. 
It should be provided daily and identify who has been forced off the 
PRIM System after 3 security code violations. The report should list 
at a minimum: 

1. Data Base Name, 
2. User Identification, 
3. Terminal Identification, 
4. Date and Time of violation, 
5. If appropriate, 
a) Data List Name, 


b) Transaction Number, and 


c) Verb Name. 


3.4.5 Hardware Characteristics


The PRIM System will be accessed by the individual components through 
existing equipment. Peripherals in common use for producing reports 
include video terminals (Delta Data 5000 or 7260 series) printers (TI 
Silent 700, Design 100, High Speed), and graphics devices (the 4000 
series of Tektronics Graphics terminal and the 6200A, RAMTEK Terminal/ 
Color Graphics). Any equipment, specifically terminals or printers, 
currently installed or newly acquired by the components, must comply 
with standard Agency computer security regulations. 


3.4.6 Human Engineering Characteristics 


The PRIM System will be designed to be used by non-technical profes- 
sionals and support personnel. Therefore, PRIM will be simple to use 
and provide guidance by responding with clear, concise and understand- 
able messages. 


The procedure to query the PRIM data online or produce hardcopy 
reports must be easy to comprehend, and utilize an English-like lan- 
guage similar to the RAMIS Report Writer Language. 


The procedures to print a PRIM report offline will be predefined 
and will utilize prompting techniques to obtain data needed to print 
the desired report. The output will be properly identified to show 
user and office code. 


A daily Data Base Exception Report will be produced to identify 
query statements executing longer than 1 2/3 minutes (100 seconds). 
The report will be used by the Data Base Manager to focus on component 
areas that may need guidance on creating cost effective queries. The 
report should include the following data: 


o data base name,
o data list name,
o user identification,
o terminal identification,
o user organization,
o date and time of exception,
o transaction number, and
o verb executing.


3.4.7 Interface Characteristics 


There are no data base interface requirements needed to satisfy this 
section. 


3.4.8 Component Description


Figure 7 of the Appendix illustrates the retrieval capabilities 
available to components in PRIM. 


MEMORANDUM FOR: PRIM Project Manager, ODP/MSG/ISD/IDB


FROM: [25X1A]
Chief, Applications and Project Group, OC


SUBJECT: Revision to the Detailed System Requirements 
Document for PRIM. 


REFERENCE: Detailed System Requirements Document, DSR-C20-1B, 
dated 21 June 1984. 


1. Upon reviewing ref document, it was noted that the TEMPEST 
section did not provide enough guidelines as to what type of 
equipment should be used in Headquarters and at Agency leased 
buildings. To ensure emanations security requirements are met, and 
that only equipment approved for classified processing is used, it 
is requested that the following changes be made to referenced 
document:


3.3.6.3 TEMPEST 

3.3.6.3.1 Equipment used outside the Headquarters building in
the PRIM system must meet the requirements of NACSIM 
5100A. 

3.3.6.3.2 Equipment located in the Headquarters building must 
be National Security Agency (NSA) zone 3 equipment 
listed in "Tempest Zone Assignments for Information 
Processing Equipment." (C) 


2. For additional information and a listing of approved
equipments, contact [25X1A], extension [25X1A].


WARNING NOTICE 25X1 
INTELLIGENCE SOURCES 
OR METHODS INVOLVED CONFIDENTIAL 


APPENDIX


CENTRALIZING OFFICIAL DATA FOR COMPONENT ACCESS


QUERIES, REPORTS 
(READ ONLY ACCESS) 